Secure subsystem

ABSTRACT

An apparatus for performing secure operations with a dedicated secure processor is described in one embodiment. The apparatus includes security firmware defining secure operations, a processor configured to execute the security firmware and perform a set of operations limited to the secure operations, and a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the secure operations. An apparatus for performing secure operations with a plurality of security assist hardware circuits is described in another embodiment. The apparatus comprises one or more secure hardware registers configured to receive a command to perform secure operations and one or more security assist hardware circuits configured to perform discrete secure operations using one or more secret data objects.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is a continuation of U.S. patent application Ser. No. 15/829,718, filed Dec. 1, 2017, and issued as U.S. Pat. No. 10,068,109 on Sep. 4, 2018, which is a continuation of U.S. patent application Ser. No. 14/876,600, filed on Oct. 6, 2015, and issued as U.S. Pat. No. 9,864,879 on Jan. 9, 2018. The afore-mentioned applications and patents are incorporated herein by reference, in their entirety, for any purposes.

BACKGROUND

Data security is a priority in the manufacture of storage systems such as solid state drives (SSDs), hard disk drives (HDDs), tape drives, optical drives, etc. Preventing access to secret data objects, such as encryption keys, provides individuals, businesses, and governments with confidence in the ability of the storage systems to adapt to increasing amounts of electronically stored information without sacrificing security. Traditional storage systems integrate a controller on a single system on chip (SOC) design that includes a processor for performing secure operations, firmware for accessing and performing operations on secret data objects, and secure information, such as encryption keys, stored within an internal SOC memory. In such configurations, the boundary (e.g., the various connections and means of accessing the components of the SOC) of the SOC is the smallest boundary in which secret data objects, such as encryption keys or keys that are used to derive encryption keys, may be guaranteed secure. That is, secret data objects are only as secure as the SOC, and any device that can access the components of the SOC (e.g., the processor) can also access the secret data objects.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram of an apparatus including a data storage system, in accordance with an embodiment of the present invention.

FIG. 2 is a functional block diagram of an apparatus including a data storage system with a secure subsystem, in accordance with an embodiment of the present invention.

FIG. 3 is a flowchart depicting operational steps for performing secure operations, in accordance with the embodiment of FIG. 2.

FIG. 4 is a functional block diagram of an apparatus including a data storage system with a secure subsystem, in accordance with an embodiment of the present invention.

FIG. 5 is a flowchart depicting operational steps for performing secure operations, in accordance with the embodiment of FIG. 4.

FIG. 6 is a flowchart depicting operational steps for performing secure operations, in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

This disclosure recognizes that traditional data storage systems suffer from certain security related shortcomings. For example, traditional systems use one or more common microprocessors, which are subject to commands from both security firmware and unsecure storage system firmware. Because the system resources that handle secret information and perform secure operations are accessible by any firmware running on the system microprocessor, secret information is just as susceptible to manipulation by storage system firmware as security firmware. Therefore, when ensuring the security of the system, the entire SOC, including any non-security related components, must meet any security requirements, because unauthorized access to unsecure components could result in compromising secret information and lead to security breaches. Embodiments disclosed herein are directed to a security subsystem which isolates components that perform secure operations and handle secure information from general purpose components while limiting communication between secure and unsecure components in order to protect against unauthorized access of secret data objects.

Turning now to the figures, FIG. 1 is a functional block diagram of an apparatus (e.g., an integrated circuit, a memory device, a memory system, an electronic device or system, a smart phone, a tablet, a computer, a server, etc.), generally designated 100. The apparatus 100 includes a data storage system 102, in accordance with an embodiment of the present invention. The data storage system 102 is a memory system capable of performing secure data operations, such as data encryption and decryption. The data storage system 102 may also store and retrieve data, including encrypted data, in one or more memories or storage media. The data storage system 102 generally includes a controller 104, dynamic memory 106, external (to the controller) nonvolatile memory 108, storage media 110, and may be connected to a host device 116.

Controller 104 may be any combination of components capable of executing secure operations and storing secret data objects, such as encryption keys within a secure subsystem. Controller 104 may limit communication between system components and secure components based on the purposes of the components and the operations to be performed. To effect such limited communication, the controller 104 includes storage controller circuitry 114, a secure subsystem 112, and memory/media interfaces 118. In various embodiments, the secure subsystem 112, storage controller circuitry 114, and/or memory/media interfaces 118 may be parts of a single integrated circuit, where the boundaries between are defined by circuit connections. In other embodiments, the secure subsystem 112 may be a discrete circuit or chip that can be connected to the storage controller circuitry 114 and/or the memory/media interfaces 118. The secure subsystem 112 may include a number of components configured to perform secure operations and store secret data. The secure subsystem 112 may include a number of system components for performing general security operations which implicate secret data objects.

The secure subsystem 112 may include, for example, a dedicated secure processor, secure hardware registers, security assist hardware, security firmware, components for performing encrypt and decrypt operations, and internal storage, such as random access memory (RAM) and/or non-volatile memory. The storage controller circuitry 114 may include a number of system components for performing general controller operations which do not implicate secret data objects. The storage controller circuitry 114 may include, for example, one or more processing elements, system hardware registers, system firmware, system assist hardware, host, memory, and media interfaces, and/or read and write data path control circuits. The memory/media interfaces 118 may include one or more interfaces to enable communication between the secure subsystem 112 and one or more external storage devices (e.g., dynamic memory 106, external nonvolatile memory 108, and/or storage media 110). Detailed embodiments of the controller 104 are discussed in further detail below with respect to FIGS. 2 and 4.

The dynamic memory 106 may be, for example, dynamic random access memory (DRAM). The dynamic memory 106 may be accessible by the controller 104 via the memory/media interfaces 118. One or more of the components of the controller 104, such as the secure subsystem 112 and/or the storage controller circuitry 114 may be able to access the dynamic memory 106 via the memory/media interfaces 118. The controller 104 may store and/or retrieve data on the dynamic memory 106. In various embodiments, the dynamic memory 106 may have stored thereon encrypted data, such as program instructions or other information for use by the controller 104 including one or more subsystems within the controller 104 (e.g., secure subsystem 112 and/or memory access circuitry 114). The external nonvolatile memory 108 may be, for example, a flash memory device, such as NOR flash. The external nonvolatile memory 108 may be accessible by the controller 104, including one or more subsystems of the controller 104, such as secure subsystem 112 and/or the storage controller circuitry 114. The controller 104 may store and/or retrieve data on the external nonvolatile memory 108. In various embodiments, the external nonvolatile memory 108 may have stored thereon encrypted data, such as program instructions or other information for use by the controller 104, including by one or more subsystems within the controller 104 (e.g., secure subsystem 112 and/or storage controller circuitry 114).

The storage media 110 can include a number of arrays of memory cells (e.g., non-volatile memory cells). The arrays can be flash arrays with a NAND architecture, for example. However, embodiments are not limited to a particular type of memory array or array architecture. The memory cells can be grouped, for instance, into a number of blocks including a number of physical pages. A number of blocks can be included in a plane of memory cells and an array can include a number of planes. As one example, a memory device may be configured to store 8 KB (kilobytes) of user data per page, 128 pages of user data per block, 2048 blocks per plane, and 16 planes per device.

In operation, data can be written to and/or read from storage media 110 as a page of data, for example. Data can be sent to/from a host (e.g., host device 116) in data segments referred to as sectors (e.g., host sectors) that are mapped on to page units. The secure subsystem 104 may perform any encrypting or decrypting necessary to facilitate data transfer between the storage media 110 and the host device 116, while ensuring that all secret data objects (e.g., encryption/decryption keys) remain within the secure subsystem 112.

The host device 116 may be any host system such as a personal laptop computer, a desktop computer, a tablet computer, a smart phone, a personal digital assistant, or any other programmable electronic device capable of using and/or creating secret information. In various embodiments, the host device 116 may provide data to be written to storage media 110 or request data from storage media 110 via data storage system 102. The controller 104 may receive the requests and perform the requested functions using one or more subsystems, such as secure subsystem 112 and/or storage controller circuitry 114 such that secret data objects remain within the secure subsystem 112 and are not accessible by any systems or components external to the secure subsystem 112.

FIG. 2 is a functional block diagram of an apparatus, generally designated 200, including a data storage system 202, in accordance with an embodiment of the present invention. The data storage system 202 generally includes a controller 204 having a secure subsystem 212, storage controller circuitry 214, and memory/media interfaces 254, a dynamic memory 206, an external nonvolatile memory 208, and storage media 210. A host device 216 may be coupled to the data storage system 202. In various embodiments, the apparatus 200 may be implemented as the apparatus 100 described above with respect to FIG. 1. Specifically, the dynamic memory 206, external nonvolatile memory 208, storage media 210, and host device 216 may each be implemented as described above with respect to dynamic memory 106, external nonvolatile memory 108, storage media 110, and host device 116, respectively, in FIG. 1.

The controller 204 may include a number of components for performing operations, including secure operations which result in and/or manipulate secret data, related to data storage and retrieval. The components of the controller 204 may include a secure subsystem 212 for performing secure operations, such as encryption and decryption of data, and manipulating secret data objects, such as encryption keys. In one embodiment, the secure subsystem 212 is a self-contained integrated circuit or chip instantiated inside of the controller 204. In another embodiment, the secure subsystem 212 may be an integrated circuit subsystem of an SOC. The secure subsystem 212 may be enclosed by a secure boundary, which may be a physical boundary and/or may be defined by the number and types of connections between the secure subsystem 212 and other components of the data storage system 202. The controller 204 may further include storage controller circuitry 214 for performing controller functions which do not require access to secret data objects. For example, the storage controller circuitry 214 may provide an interface for communication between the data storage system 202 and the host device 216. For example, the storage controller circuitry 214 may receive incoming read and write requests and request that secure operations be performed by the secure subsystem 212.

The memory/media interfaces 254 may generally include one or more interfaces to enable communication with one or more external storage devices (e.g., dynamic memory 206, external nonvolatile memory 208, and/or storage media 210). The memory/media interfaces 254 may include the memory interface 252 and the media interface 250. The memory interface 252 provides an interface between the transfer control 234 of the secure subsystem 212 and the dynamic memory 206 and/or the external nonvolatile memory 208. As described above, some secret data objects may be encrypted and stored external to the secure subsystem 212 so long as the key to decrypt the secret data objects remains stored within the secure subsystem 212 or is itself encrypted for storage outside of the secure subsystem 212. The memory interface 252 may be a communication interface between the transfer control 234 and therefore may be controlled by the secure subsystem 212 despite being located external to the secure subsystem. The memory interface 252 may also be controlled, for example, by one or more components of the storage controller circuitry 214. The media interface 250 may access the storage media 210 on behalf of the host device 216 via commands (e.g., read/write commands) issued to the host interface 244. The media interface 250 may allocate storage, access, read data, write data, erase data, and/or perform other management operations with respect to the storage media 210.

In the embodiment of FIG. 2, the secure subsystem 212 includes secure hardware registers 218, a secure processor 220, security firmware 222, security assist hardware 224, internal nonvolatile memory 226, internal RAM 228, an encrypt circuit 230, a decrypt circuit 232, and a transfer control circuit 234. The secure hardware registers 218 may include a plurality of hardware registers. In various embodiments, the secure hardware registers 218 may be general purpose registers in a register file. A subset of the secure hardware registers 218 may be accessible by one or more components that are external to the secure subsystem 212, such as one or more components of the storage controller circuitry 214 (described below). The external components may write information such as commands and/or data for performing secure operations within the secure subsystem 212 to the subset of the secure hardware registers 218. While access by external components to the secure hardware registers 218 may be limited to a subset of the secure hardware registers 218, components internal to the secure subsystem 212 (e.g., the secure processor 220) may access all of the secure hardware registers 218. In various embodiments, the secure hardware registers 218 may be configured to notify the secure processor 220 executing security firmware 222 that a request for a secure operation to be performed by the secure processor 220 was received.

In the embodiment of FIG. 2, the secure subsystem 212 includes the secure processor 220, which may be a dedicated processor or microcontroller for performing secure operations that involve, create, and/or manipulate secret data objects, such as encryption keys. In various embodiments, the secure processor 220 may be a general purpose processor or a special purpose processor capable of performing secure operations. The secure processor 220 may access the secure hardware registers 218 in order to receive commands and/or data for performing secure operations within the secure subsystem 212. The secure processor 220 may access and execute security firmware 222. In various embodiments, the security firmware 222 may control the operations that the secure processor 220 can perform. For example, the security firmware 222 may define the complete set of secure operations that the secure processor 220 may perform. The secure processor may be configured to perform operations limited to the set of secure operations defined by the security firmware 222. The security firmware 222 may also define the components with which the secure processor 220 may communicate, both within the secure subsystem 212 and external to the secure subsystem 212.

The security assist hardware circuit 224 may provide hardware execution of various discrete operations performed by the secure subsystem 212. Those skilled in the art will appreciate that various embodiments of the apparatus 200 may include any number of security assist hardware circuits 224, or no security assist hardware circuits 224. The security assist hardware circuit 224 may include various circuits for performing specific functions including, but not limited to, data encryption and decryption, signature calculation and checking, and/or random number generation. Such operations may be steps in processes executed to fulfill the operational requirements of the secure subsystem 212. As such, the security assist hardware circuit 224 may include various hardware submodules, each of which may be controlled by the security firmware 222 being executed by the secure processor 220. The operations performed by the security assist hardware circuit 224 may be component operations of secure operations, such as client authentication, encryption key generation, key identification, key selection, and retrieval. In various embodiments, the security assist hardware circuit 224 is controlled entirely by the security firmware 222 executing on the secure processor 220 so that any data provided to or by the security assist hardware circuit 224 is not accessible from outside of the secure subsystem 212.

In the embodiment of FIG. 2, the internal nonvolatile memory 226 and internal RAM 228 may provide internal memories for use by various components in the secure subsystem 212. Both internal nonvolatile memory 226 and internal RAM 228 may be accessed by the secure processor 220 executing the security firmware 222. The internal nonvolatile memory 226 may contain secret data objects or other information that may need to be persistent across power down and power up cycles. The internal RAM 228 may buffer data used by components of the secure subsystem 212. For example, the internal RAM 228 may receive encrypted secret data objects from external storage (e.g., dynamic memory 206 and/or external nonvolatile memory 208) or buffer encrypted secret data objects for storage in external storage (e.g., dynamic memory 206 and/or external nonvolatile memory 208). Secret data objects may be stored external to the secure subsystem 212 if the secret data objects are first encrypted by a secret encryption key that remains within the secure subsystem 212. In various embodiments, the internal RAM 228 may communicate with the dynamic memory 206 and/or external nonvolatile memory 208 via a transfer control circuit 234. The transfer control circuit 234 may provide an interface for data transfer between the secure subsystem 212 and external systems, such as the storage controller circuitry 214, dynamic memory 206, and/or external nonvolatile memory 208 via the memory interface 252. Those skilled in the art will appreciate that various embodiments may not include the internal nonvolatile memory 226 and internal RAM 228. In such embodiments, the secure subsystem 212 may encrypt secret information for storage external to the secure subsystem 212, for example, in dynamic memory 206 and/or external nonvolatile memory 208.

Encrypt circuit 230 and decrypt circuit 232 may reside inside of the secure subsystem 212 and perform encryption and decryption functions, respectively, on data provided by (e.g., during a write operation) or requested by (e.g., during a read operation) the storage controller circuitry 214. In various embodiments, the encrypt circuit 230 receives data for encryption from the storage controller circuitry 214. The secure processor 220, executing the security firmware 222, provides the encrypt circuit 230 with an encryption key (e.g., an encryption key stored in internal nonvolatile memory 226). The encryption circuit 230 may encrypt the received data using the provided encryption key and provide the encrypted information to the media interface 250 in the memory/media interfaces 254 to be stored in storage media 210. By performing the encryption function within the secure subsystem 212, all secret data objects (e.g., the encryption key) remain within the secure subsystem 212 and inaccessible to components outside of the secure boundary that defines the secure subsystem 212. The decrypt circuit 232 operates in a similar manner. Specifically, the decrypt circuit 232 receives a request to retrieve encrypted data stored in the storage media 210. The decrypt circuit retrieves the encrypted data from the storage media 210 via the media interface 250. The secure processor 220 executing the security firmware 222 provides the decryption key to the decrypt circuit 232. The decrypt circuit 232 decrypts the requested data using the provided decryption key and provides the decrypted data to the storage controller circuitry 214. By performing the decryption function within the secure subsystem 212, any secret data objects (e.g., the decryption key) remain within the secure subsystem 212 and inaccessible to components outside of the secure boundary that defines the secure subsystem 212.

In the embodiment of FIG. 2, the storage controller circuitry 214 includes one or more system processors 236, system hardware registers 238, storage system firmware 240, system assist hardware 242, a host interface 244, a write data path control circuit 246, and a read data path control circuit 248. The system processor can be one or more general purpose processors or one or more specialized processors or microcontrollers for performing operations that do not implicate secret data objects and communicating with the secure subsystem 212. The system processor 236 may provide commands and/or information (e.g., command parameters) to the secure hardware registers 218 across the secure boundary of the secure subsystem 212. As discussed above, the system processor 236 may have access (e.g., the ability to read from and write to) to a subset of the secure hardware registers 218. By limiting access by the system processor 236 to secret data objects within the secure subsystem 212, the security of those secret data objects may be increased. The system processor 236 may execute storage system firmware 240. The storage system firmware 240 may define the operations that the system processor 236 can perform. Additionally, the storage system firmware 240 can define what commands may be submitted by the system processor 236 to the secure hardware registers 218 for execution by the secure processor 220. As such, the types and content of communication between the storage controller circuitry 214 and the secure subsystem 212 may be controlled and limited in order to increase the security of secret data objects stored in the secure subsystem 212.

The system hardware registers 238 may include a plurality of hardware registers. In various embodiments, the system hardware registers 238 may be general purpose registers in a register file. All of, or a subset of the system hardware registers 238 may be accessible by one or more components inside of the secure boundary of the secure subsystem 212, such as the secure processor 238. The components of secure subsystem 212 may write information to a subset of the system hardware registers 238, such as confirmation that a secure operation was successfully completed. While access by components of the secure subsystem 212 to the system hardware registers 238 may be limited to a subset of the system hardware registers 238, components external to the secure subsystem 212 (e.g., the system processor 236) may access all of the system hardware registers 238.

The host interface 244 can be in the form of a standardized interface or a specialized interface. For example, the host interface 106 can be a serial advanced technology attachment (SATA), peripheral component interconnect express (PCIe), or a universal serial bus (USB), among other connectors and interfaces. In general, the interface 106 provides a communication mechanism for passing control signals, address information, data, and other signals between the data storage system 202 and the host device 216. In various embodiments, the host interface 244 can receive write commands and data from the host device 216 to be encrypted and written to the storage media 210. The host interface 244 may receive read commands to decrypt and return data that is stored in the storage media 210.

The write data path control circuit 246 guides and controls write data flow from the host interface 244 to the encrypt circuit 230 in the secure subsystem 212. The write data path control circuit may be controlled by the system processor 236 executing the storage system firmware 240. For example, the host interface 244 may receive a write request and the data to be written to the storage media 210 from the host device 216. The system processor 236 may write an encrypt command to the secure hardware registers 218 to perform a write operation. The secure hardware registers 218 may notify the secure processor 220 executing the security firmware 222 that an encrypt command was received. The secure processor 220 may provide an encryption key to the encrypt circuit 230. The system processor 236 may instruct the write data path control circuit 246 to provide the data to be encrypted and stored to the encrypt circuit 230 across the secure boundary of the secure subsystem 212. The encrypt circuit 230 may then encrypt the received data using the encryption key provided by the secure processor 220. Accordingly, all secret data objects (e.g., the encryption key) remain within the secure subsystem 212 and are not accessible by components external to the secure subsystem 212. The encrypted data may then be provided to the media interface 250 in the memory/media interfaces 254 and stored on the storage media 210.

The read data path control circuit 248 guides and controls read data flow from the decrypt circuit 232 in the secure subsystem 212 to the host interface 244. The read data path control circuit 248 may be controlled by the system processor 236 executing the storage system firmware 240. For example, the host interface 244 may receive a read request from the host device 216 for data stored in the storage media 210 in an encrypted format. The system processor may write a read request for the identified data to the secure hardware registers 218 in the secure subsystem 212. The secure hardware registers 218 may notify the secure processor 220 executing the security firmware 222 that a read request has been received. The secure processor 220 may provide the encryption key associated with the requested data to the decrypt circuit 232. The decrypt circuit 232 may retrieve, via the media interface 250, the requested encrypted data from the storage media 210. The decrypt circuit 232 may then decrypt the requested data using the decryption key provided by the secure processor 220 and provide the decrypted data to the read data path control 248. The read data path control circuit 248 may provide the decrypted data to the host interface 244 which provides the decrypted data to the host device 216.

FIG. 3 is a flowchart depicting operational steps, generally designated 300, for processing secure operations, in accordance with the embodiment of FIG. 2. In operation 302, the secure subsystem (e.g., secure subsystem 212) receives a command at one or more secure hardware registers (e.g., secure hardware registers 218). The command may be received from a device external to the secure subsystem, such as a system processor (e.g., system processor 236). The command may include instructions to execute a particular secure operation that implicates secret data objects, such as read or write commands which implicate encryption keys stored within the secure subsystem. The command may further include any necessary parameters for performing the secure operation. As discussed above with respect to FIG. 2, the command may be received at one or more of a subset of the secure hardware registers 218 that is accessible to the system processor 236. Those secure hardware registers which are not accessible by the system processor 236 cannot receive commands from the system processor 236. By limiting access to the secure hardware registers 218, the security of secret data objects stored within the secure subsystem 212 may be increased.

In operation 304, the secure subsystem 212 or a component thereof notifies the secure processor 220 that a command has been received. The secure hardware registers 218 may be configured to transmit a notification via an internal bus within the secure subsystem 212 to the secure processor 220 in response to receiving a command. The secure processor 220, executing the security firmware 222, may determine how the received command should be processed. As discussed above, the secure processor 220 may be limited to performing particular secure operations defined by the security firmware 222. In such embodiments, the secure processor 220 may only execute the requested command if it is permitted to by the security firmware 222. If the received command does not correspond to a permitted secure operation as defined by the security firmware 222, then the secure processor 220 may return an exception or an error indicating that the received command is unpermitted by the security firmware 222 by, for example, writing a description of the exception to system hardware registers 238.

Where the received command is a permitted command, the secure subsystem 212 executes a secure operation with the secure processor 220 and/or security assist hardware (e.g., security assist hardware circuit 224) based on the received command, in operation 306. The secure processor 220 may execute a secure operation requested by the received command (e.g., a write operation, a read operation, encryption/decryption operations, encryption key generation, etc.). Prior to, during, and following the execution of the secure operation, the secure subsystem 212 may ensure that all secret data objects remain within the secure boundary unless encrypted.

In operation 308, the secure subsystem 212 transmits a response to system hardware registers 238. The secure processor 220 may transmit the response across the secure boundary of the secure subsystem 212. In various embodiments, the response may be an appropriate value or set of values based on the received command. For example, the response may be an indication that the received command was completed successfully. The system processor 236 may read the value from the system hardware registers 238 and interpret the response.
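
The flow of operations 302 through 308 can be modelled in a short C program. This is an added illustration, not code from the patent: the register layout, command codes, status values, and the XOR and LCG placeholders standing in for the encrypt/decrypt circuits and random number generation are all assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: registers 0..2 are the externally accessible subset,
 * registers 4..7 hold key slots and are reachable only from inside. */
enum { NUM_SECURE_REGS = 8, EXT_VISIBLE_REGS = 3, NUM_KEY_SLOTS = 4 };
enum { REG_CMD = 0, REG_ARG = 1, REG_SLOT = 2, REG_KEY0 = 4 };

enum cmd { CMD_GENERATE_KEY = 1, CMD_ENCRYPT = 2, CMD_DECRYPT = 3, CMD_READ_KEY = 0x7F };
enum status { ST_OK = 0, ST_NOT_PERMITTED = 1, ST_ACCESS_DENIED = 2, ST_BAD_PARAM = 3 };

struct secure_subsystem {
    uint32_t regs[NUM_SECURE_REGS]; /* models secure hardware registers 218 */
    uint32_t rng_state;             /* placeholder for hardware random number generation */
};

struct system_regs {                /* subset of system hardware registers 238 */
    uint32_t status;                /* written by the secure side, read by the system side */
    uint32_t result;
};

/* Operation 302: the system processor can reach only the visible subset. */
int ext_write(struct secure_subsystem *ss, size_t idx, uint32_t val) {
    if (idx >= EXT_VISIBLE_REGS) return ST_ACCESS_DENIED;
    ss->regs[idx] = val;
    return ST_OK;
}

int ext_read(const struct secure_subsystem *ss, size_t idx, uint32_t *out) {
    if (idx >= EXT_VISIBLE_REGS) return ST_ACCESS_DENIED;
    *out = ss->regs[idx];
    return ST_OK;
}

/* The complete set of secure operations the security firmware defines. */
static const uint32_t permitted_ops[] = { CMD_GENERATE_KEY, CMD_ENCRYPT, CMD_DECRYPT };

static int is_permitted(uint32_t c) {
    for (size_t i = 0; i < sizeof permitted_ops / sizeof permitted_ops[0]; i++)
        if (permitted_ops[i] == c) return 1;
    return 0;
}

/* Operations 304-308: check the command, execute it, report via system registers. */
void secure_dispatch(struct secure_subsystem *ss, struct system_regs *sys) {
    uint32_t c = ss->regs[REG_CMD], arg = ss->regs[REG_ARG], slot = ss->regs[REG_SLOT];
    sys->result = 0;
    if (!is_permitted(c)) { sys->status = ST_NOT_PERMITTED; return; } /* exception path */
    if (slot >= NUM_KEY_SLOTS) { sys->status = ST_BAD_PARAM; return; }
    uint32_t *key = &ss->regs[REG_KEY0 + slot];   /* internal side sees all registers */
    switch (c) {
    case CMD_GENERATE_KEY:
        /* LCG placeholder, not a real RNG; the key stays in an internal register. */
        ss->rng_state = ss->rng_state * 1664525u + 1013904223u;
        *key = ss->rng_state | 1u;                /* force a nonzero key */
        break;
    case CMD_ENCRYPT:
    case CMD_DECRYPT:
        /* XOR placeholder for the encrypt/decrypt circuits; offers no confidentiality. */
        sys->result = arg ^ *key;
        break;
    }
    sys->status = ST_OK;
}

/* System-side view: write command and parameters, then read the response. */
uint32_t submit(struct secure_subsystem *ss, struct system_regs *sys,
                uint32_t c, uint32_t arg, uint32_t slot) {
    ext_write(ss, REG_CMD, c);
    ext_write(ss, REG_ARG, arg);
    ext_write(ss, REG_SLOT, slot);
    secure_dispatch(ss, sys);   /* in hardware, the register write raises the notification */
    return sys->status;
}

int main(void) {
    struct secure_subsystem ss = { .rng_state = 12345u };
    struct system_regs sys = { 0 };
    printf("direct write to key register: %d\n", ext_write(&ss, REG_KEY0, 0xdeadbeefu));
    printf("CMD_READ_KEY status:          %u\n", (unsigned)submit(&ss, &sys, CMD_READ_KEY, 0, 0));
    printf("CMD_GENERATE_KEY status:      %u\n", (unsigned)submit(&ss, &sys, CMD_GENERATE_KEY, 0, 0));
    submit(&ss, &sys, CMD_ENCRYPT, 0x11223344u, 0);
    printf("encrypt result:               0x%08x\n", (unsigned)sys.result);
    return 0;
}
```
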

FIG. 4 is a functional block diagram of an apparatus, generally designated 400, including a data storage system 402, in accordance with an embodiment of the present invention. The data storage system 402 may include a controller 404 including a secure subsystem 412, storage controller circuitry 414, and memory/media interfaces 454, a dynamic memory 406, an external nonvolatile memory 408, and storage media 410. In various embodiments, the memory/media interfaces 454 (including memory interface 452 and media interface 450), the dynamic memory 406, the external nonvolatile memory 408, and the storage media 410 may be implemented as described above with respect to the memory/media interfaces 254 (including memory interface 252 and media interface 250), dynamic memory 206, the external nonvolatile memory 208, and the storage media 210 in the embodiment of FIG. 2 and/or the memory/media interfaces 118, the dynamic memory 106, the external nonvolatile memory 108, and the storage media 110 in the embodiment of FIG. 1, respectively. The data storage system 402 may be coupled to a host device 416. The host device 416 may be implemented as described above with respect to host device 116 and host device 216 in the embodiments of FIGS. 1 and 2, respectively. The controller 404 may be implemented as the controller 104 in FIG. 1.

In the embodiment of FIG. 4, the secure subsystem 412 includes a plurality of secure hardware registers 418, security assist hardware circuits 420, internal RAM 424, internal nonvolatile memory 422, a security control circuit 426, an encrypt circuit 428, a decrypt circuit 430, and a transfer control circuit 432. The secure hardware registers 418, the internal RAM 424, the internal nonvolatile memory 422, the encrypt circuit 428, the decrypt circuit 430, and the transfer control circuit 432 may be implemented as described above with respect to the secure hardware registers 218, the internal RAM 228, the internal nonvolatile memory 226, the encrypt circuit 230, the decrypt circuit 232, and the transfer control circuit 234, respectively, of the embodiment of FIG. 2. In the embodiment of FIG. 4, the security assist hardware circuits provide the functionality of performing secure operations within a secure boundary in the absence of a dedicated secure processor.

The security control circuit 426 provides communication functionality between components within the secure subsystem 412. Additionally, the security control circuit 426 may provide a communication path between the secure subsystem 412 and the storage controller circuitry 414. Specific functions of the security control circuit 426 are described in further detail below.

The security assist hardware circuits 420 may be a plurality of hardware circuits configured to fully execute discrete secure operations. Examples of discrete secure operations performed by the security assist hardware circuits 420 include, but are not limited to, random number generation, encryption key generation, signature calculation, symmetric encryption or decryption, asymmetric encryption or decryption, data manipulation operations, and data movement operations. One or more security assist hardware circuits 420 may be triggered in response to the secure hardware registers 418 receiving a command, as described above with respect to FIG. 2. In certain embodiments, particular register locations in the secure hardware registers 418 may correspond to particular security assist hardware circuits 420. The secure hardware registers 418 may provide a notification, via the security control circuit 426, to one or more of the security assist hardware circuits 420 that a command (and any related parameters) was received at the secure hardware registers 418 for execution by the one or more security assist hardware circuits 420. Once the security assist hardware circuit 420 completes execution of the secure operation, the security assist hardware circuit 420 may provide a value indicating completion of the secure operation back to the secure hardware registers 418 or to the storage controller circuitry 414.

The security assist hardware circuit 420 may use, access, generate, or otherwise implicate secret data objects (e.g., encryption keys) that are kept within the secure subsystem 412 and/or inaccessible to components external to the secure subsystem 412 (e.g., the memory access hardware 414). To maintain the security of secret data objects, the security assist hardware circuit 420 may store the secret data objects in an internal memory system, such as the internal RAM 424, the internal nonvolatile memory 422, or register locations in the secure hardware registers 418 that are not accessible by the storage controller circuitry 414. The secret data objects may also be encrypted and stored in an external memory device, such as the dynamic memory 406 and/or the external nonvolatile memory 408, via the memory/media interfaces 454 so long as the keys for decrypting the secret data objects remain within the secure subsystem 412.

Examples of particular security assist hardware circuits 420 will now be discussed. It should be appreciated that this discussion is provided by way of example only, and additional circuits that perform different secure operations are possible without deviating from the scope of this disclosure.

In a first example, a security assist hardware circuit 420 enables random number generation. A command to generate a random number may be received at the secure hardware registers 418, which notify the applicable security assist hardware circuit 420. The security assist hardware circuit 420 may generate a sequence of random bits from a generator, accumulate the sequence of bits into a holding register of a defined length, condition the accumulated value according to a conditioning algorithm by, for example, a deterministic random bit generator, write the result into an internal memory location (e.g., internal RAM 424), and transmit a completion notification to the storage controller circuitry 414.

In a second example, a security assist hardware circuit 420 enables encryption key generation. Generation of encryption keys may depend on a previously generated secret data object, such as a random number produced by a random number generation security assist hardware circuit 420 that serves as an encryption key. The encryption key generation security assist hardware circuit 420 may implement any suitable transformation function to generate the encryption key. In operation, a component of the storage controller circuitry 414 may provide a command to generate an encryption key to the secure hardware registers 418 and supply an address to a previously generated random number, parameterize the transformation, and define a location for the resulting encryption key. The encryption key generation security assist hardware circuit 420 may perform the defined transformation on the random number at the designated location to generate the encryption key and store the resulting encryption key at the designated location. The encryption key generation security assist hardware circuit 420 may then transmit a notice, such as an event interrupt, to the storage controller circuitry 414 that the encryption key was successfully generated and the location of the encryption key.

In a third example, a security assist hardware circuit 420 enables signature calculation. A signature calculation security assist hardware circuit 420 may be employed for secure operations which require validation of information by affixing or checking a signature value. The storage controller circuitry 414 may write to the secure hardware registers 418 an operation code, an address of a value to be digitally signed or checked, a length of the value, parameters of the signature calculation itself, and a location for the resulting signature or signature check result. The signature calculation security assist hardware circuit 420 may then generate or check a signature value based on the provided parameters and store the result in the designated location. The signature calculation security assist hardware circuit 420 may then transmit a notice, such as an event interrupt, to the storage controller circuitry 414 that the signature value was successfully generated or checked and the location of the result.

In a fourth example, a security assist hardware circuit 420 enables symmetric encryption and/or decryption. A symmetric encryption security assist hardware circuit 420 may be used to conceal secret data objects or other data to be moved outside of the secure boundary of the secure subsystem 412. The storage controller circuitry 414 may access the secure hardware registers 418, define the operation (e.g., whether to encrypt or decrypt), define any operands (e.g., an encryption/decryption key), an initialization vector, if applicable, the location and length of the data to be encrypted/decrypted, and the location/length at which to store the result. The symmetric encryption security assist hardware circuit 420 may then transmit a notice, such as an event interrupt, to the storage controller circuitry 414 that the data was successfully encrypted/decrypted and the location of the result.

In a fifth example, a security assist hardware circuit 420 enables asymmetric encryption and/or decryption, such as public key/private key operations based on RSA or other algorithms. A symmetric encryption security assist hardware circuit 420 may be used to conceal secret data objects or other data to be moved outside of the secure boundary of the secure subsystem 412. The storage controller circuitry 414 may access the secure hardware registers 418, define the operation (e.g., whether to encrypt or decrypt), define any operands (e.g., an encryption and a decryption key), an initialization vector, if applicable, the location and length of the data to be encrypted/decrypted, and the location/length at which to store the result. The asymmetric encryption security assist hardware circuit 420 may then transmit a notice, such as an event interrupt, to the storage controller circuitry 414 that the data was successfully encrypted or decrypted and the location of the result.

In a sixth example, one or more security assist hardware circuits 420 may perform data manipulation functions. For example, data manipulation may include transferring a key value from a location that is not accessible by the storage controller circuitry 414 (e.g., internal RAM 424 or internal nonvolatile memory 422) to a location where the storage controller circuitry 414 may indirectly access the key value (e.g., the secure hardware registers 418).

In a seventh example, one or more security assist hardware circuits 420 may perform data movement functions. One example of a data movement security assist hardware circuit may be transfer control circuit 432, which supports data transfer between the secure subsystem 412 and external memory devices, such as the dynamic memory 406 and/or the external nonvolatile memory 408.

The storage controller circuitry 414 may include a system processor 434, storage system firmware 436, security firmware 438, system hardware registers 440, system assist hardware 442, a host interface 444, a write data path control circuit 446, and a read data path control circuit 448. The system processor 434, storage system firmware 436, system hardware registers 440, system assist hardware 442, host interface 444, a write data path control circuit 446, read data path control circuit 448 may be implemented as described above with respect to the system processor 236, the storage system firmware 240, the system hardware registers 238, the system assist hardware 242, the host interface 244, the write data path control circuit 246, the read data path control circuit 248, respectively, in FIG. 2.

The embodiment of FIG. 4 includes the security firmware 438 in the storage controller circuitry 414 and the system processor 434 is responsible for executing both the storage system firmware 436 and the security firmware 438. The security firmware 438 defines the particular secure operations that may be requested by the system processor 434 of the secure subsystem 412 to be executed by the security assist hardware circuits 420. Accordingly, the operations to be performed and access to secret data objects stored within the secure subsystem 412 may be maintained without requiring a dedicated secure processor within the secure subsystem 412.

FIG. 5 is a flowchart depicting operational steps, generally designated 500, for performing secure operations, in accordance with the embodiment of FIG. 4.

In operation 502, the secure subsystem 412 receives a command at one or more of the secure hardware registers 418. For example, the system processor 434, executing the security firmware 438, may transmit a command to perform one or more secure operations that create, move, modify, or otherwise implicate secret data objects maintained within the secure subsystem 412. In various embodiments, the system processor 434 may be limited to accessing a subset of the secure hardware registers 418. In operation 504, the secure subsystem 412 identifies one or more applicable security assist hardware circuits 410 to perform the secure operation. The secure subsystem 412 can identify the one or more applicable security assist hardware circuits, for example, by decoding the received command. In various embodiments, the received command may indicate a particular security assist hardware circuit 420 to perform the operation. In some embodiments, the command may be received at a particular secure hardware register 418 that corresponds to a particular security assist hardware circuit 420. In such embodiments, the security control circuit 426 may automatically transfer the received command to the applicable security assist hardware circuit 420 upon detecting receipt of the command.

In operation 506, the secure subsystem executes the requested command by performing a secure operation with the applicable security assist hardware circuit 420, or other components (e.g., encrypt circuit 428 or decrypt circuit 430). Various example security assist hardware circuits 420 for performing discrete secure operations are described above with respect to FIG. 4. In operation 508, the secure subsystem 412 writes a result to the system hardware registers 440. In various embodiments, the result may include a value indicating whether the secure operation was successfully completed and/or the location of any resultant data (e.g., decrypted data). The security control circuit 426 may provide the communication interface between the secure subsystem 412 and the system hardware registers 440.

FIG. 6 is a flowchart depicting operational steps, generally designated 600, for performing secure operations, in accordance with an embodiment of the present invention.

In operation 602, a secure subsystem receives a command at secure hardware registers (e.g., secure hardware registers 218, 418). In operation 604, the secure subsystem determines whether the received command is a write command. In various embodiments, the secure subsystem may determine whether the received command is a write command based on the format of the command as interpreted by a secure processor (e.g., secure processor 220) or by virtue of the particular hardware register to which the command was written. If the secure subsystem determines that the received command is a write command (decision block 604, YES branch), then the secure subsystem receives the data to be written, in operation 606. In operation 608, the secure subsystem encrypts the data, for example, using an encrypt circuit (e.g., encrypt circuits 230, 428). In operation 610, the secure subsystem stores the encrypted data in an external memory, such as storage media 210, 410. In operation 624, the secure subsystem transmits a result to the system hardware registers. In various embodiments, the result may include a value indicating that the data was successfully encrypted and written to the storage media 210, 410.

If the secure subsystem determines that the received command is not a write command (decision block 604, NO branch), then the secure subsystem determines whether the received command is a read command in operation 612. If the secure subsystem determines that the received command is a read command (decision block 612, YES branch), then the secure subsystem retrieves the data to be read from an external memory device, such as storage media 210, 410 in operation 614. In operation 616, the secure subsystem decrypts the retrieved data, for example, using decrypt circuits 232, 430. In operation 618, the secure subsystem transfers the decrypted data to a location external to the secure subsystem. For example, the secure subsystem may provide the decrypted data to a read data path control circuit (e.g., read data path control circuits 248, 448). In operation 624, the secure subsystem transmits a result to the system hardware registers. In various embodiments, the result may include a value indicating that the data was successfully retrieved, decrypted, and provided to the read data path control circuit.

If the secure subsystem determines that the received command is not a read command (decision block 612, NO branch), then the secure subsystem determines what type of secure operation is requested by the command in operation 620. In operation 622, the secure subsystem executes a secure operation based on the determined type of operation. The secure operation may be executed by, for example, a secure processor, such as secure processor 220, or by one or more security hardware assist circuits, such as security hardware assist circuits 224, 420. In operation 624, the security subsystem transmits a result to the system hardware registers, which may indicate that the secure operation was successfully completed.
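The command flow of FIG. 6, together with the register interface and internal key storage described for FIG. 4, can be modeled in software as follows. This C model is an added illustration and is not part of the application; the opcode and status values, the register layout, the buffer sizes, and the LCG and XOR routines standing in for the random number and encrypt/decrypt circuits are assumptions and provide no security.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode and status encodings are assumptions; the text names operations only. */
enum { OP_WRITE = 1, OP_READ = 2, OP_GEN_KEY = 3 };
enum { ST_OK = 0, ST_REJECTED = 1 };
#define KEY_SLOTS 4
#define KEY_LEN   16
#define MEDIA_LEN 64

/* Command fields as written to the secure hardware registers (hypothetical layout). */
struct secure_cmd { uint32_t opcode, key_slot, media_off, len; uint8_t *buf; };

/* Inside the secure boundary: file-scope statics with no accessor that returns them. */
static uint8_t internal_ram[KEY_SLOTS][KEY_LEN];
static uint8_t slot_valid[KEY_SLOTS];
static uint32_t rng_state = 0x2545F491u;   /* constructed seed */

/* Outside the boundary: storage media and the system hardware register. */
uint8_t storage_media[MEDIA_LEN];
uint32_t system_hw_register;

/* Stand-in for the random number assist circuit; an LCG is NOT a secure RNG. */
static uint8_t assist_rng_byte(void) {
    rng_state = rng_state * 1664525u + 1013904223u;
    return (uint8_t)(rng_state >> 24);
}

/* Stand-in for the encrypt/decrypt circuits; repeating-key XOR is NOT a cipher. */
static void assist_xor(const uint8_t *key, const uint8_t *in, uint8_t *out, uint32_t len) {
    for (uint32_t i = 0; i < len; i++) out[i] = in[i] ^ key[i % KEY_LEN];
}

/* Reject ranges that fall outside the media, without integer overflow. */
static int range_ok(uint32_t off, uint32_t len) {
    return len <= MEDIA_LEN && off <= MEDIA_LEN - len;
}

/* Decode one command, run it inside the boundary, report only a status value. */
uint32_t secure_subsystem_submit(const struct secure_cmd *c) {
    uint32_t st = ST_REJECTED;
    if (c->key_slot < KEY_SLOTS) {
        uint8_t *key = internal_ram[c->key_slot];
        int usable = slot_valid[c->key_slot] && c->buf && range_ok(c->media_off, c->len);
        if (c->opcode == OP_WRITE) {            /* block 604 YES: operations 606-610 */
            if (usable) {
                assist_xor(key, c->buf, storage_media + c->media_off, c->len);
                st = ST_OK;
            }
        } else if (c->opcode == OP_READ) {      /* block 612 YES: operations 614-618 */
            if (usable) {
                assist_xor(key, storage_media + c->media_off, c->buf, c->len);
                st = ST_OK;
            }
        } else if (c->opcode == OP_GEN_KEY) {   /* operations 620-622 */
            for (int i = 0; i < KEY_LEN; i++) key[i] = assist_rng_byte();
            slot_valid[c->key_slot] = 1;
            st = ST_OK;
        }                                       /* any other opcode stays rejected */
    }
    system_hw_register = st;                    /* operation 624 */
    return st;
}

int main(void) {
    uint8_t data[] = "constructed data", back[16] = {0};   /* constructed sample */
    struct secure_cmd gen = { OP_GEN_KEY, 0, 0, 0, NULL };
    struct secure_cmd wr  = { OP_WRITE, 0, 8, 16, data };
    struct secure_cmd rd  = { OP_READ,  0, 8, 16, back };
    secure_subsystem_submit(&gen);
    secure_subsystem_submit(&wr);
    secure_subsystem_submit(&rd);
    printf("status=%u round-trip=%s\n", (unsigned)system_hw_register,
           memcmp(data, back, 16) == 0 ? "ok" : "mismatch");
    return 0;
}
```

The caller names a key only by slot index and reads back only a status value, so the key bytes stay in the model's internal memory while the media holds only transformed data.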

What is claimed is:
 1. An apparatus comprising: a secure subsystem located within a secure boundary and including: a memory device configured to receive, from outside the secure boundary, one or more secret data objects not accessible by any systems or components external to the secure subsystem, the memory device further configured to store the received one or more secret data objects; a processor configured to execute security firmware and perform a set of operations limited to a plurality of secure operations for manipulating the one or more secret data objects received from outside the secure boundary; a plurality of secure hardware registers, accessible by the processor and configured to receive instructions to perform the plurality of secure operations; and one or more security assist hardware circuits configured to perform discrete operations on data using the one or more secret data objects, wherein the one or more secret data objects are keys for secure operations.
 2. The apparatus of claim 1, wherein the one or more secret data objects include at least one encryption key inaccessible to devices outside the apparatus.
 3. The apparatus of claim 1, wherein the secure subsystem further includes an encryption circuit configured to encrypt the data using the one or more secret data objects.
 4. The apparatus of claim 1, wherein the processor is a security processor, and wherein the security firmware is stored on an external memory and defines a limited number of secure operations performed by the security processor.
 5. The apparatus of claim 1, wherein the secure subsystem further includes a decryption circuit configured to decrypt the data using the one or more secret data objects.
 6. The apparatus of claim 1, wherein the secure subsystem further includes: an encrypt circuit coupled between the processor and a media interface; a decrypt circuit coupled to the media interface; and a transfer control circuit coupled to at least one security assist hardware circuit of the one or more security assist hardware circuits.
 7. The apparatus of claim 1, wherein the one or more security assist hardware circuits are configured to perform at least one of client authentication, encryption key generation, key identification, key selection, and retrieval operations.
 8. The apparatus of claim 1, wherein the secure subsystem is configured to encrypt secret information for storage external to the secure subsystem in at least one of dynamic memory and nonvolatile memory.
 9. The apparatus of claim 1, wherein the one or more secret data objects include an encryption key, and wherein the secure subsystem further includes an encryption circuit configured to encrypt the data using the encryption key and provide the encrypted data to a media interface to be stored in a storage media.
 10. The apparatus of claim 1, wherein the one or more secret data objects include a decryption key stored in the memory device to remain within the secure subsystem, and wherein the secure subsystem further includes a decrypt circuit configured to decrypt the data using the decryption key inaccessible to components outside of the secure boundary, and the decrypt circuit is further configured to provide the decrypted data to a storage controller circuitry.
 11. An apparatus comprising: an internal memory device configured to receive, from outside the secure boundary, one or more secret data objects, the internal memory device further configured to store the one or more secret data objects not accessible by any systems or components external to the secure subsystem; one or more secure hardware registers located within a secure boundary and configured to receive a command to perform an operation using the one or more secret data objects received from outside the secure boundary; and one or more security assist hardware circuits coupled to the one or more secure hardware registers, respectively, the one or more security assist hardware circuits configured to perform discrete operations to access data using the one or more secret data objects, wherein the data accessed using the one or more secret data objects is provided to or by the one or more security assist hardware circuits and is not accessible from outside the secure boundary, and wherein the one or more secret data objects are keys for secure operations.
 12. The apparatus of claim 11, further comprising: an encryption circuit configured to encrypt the data using the one or more secret data objects; and a decryption circuit configured to decrypt the data using the one or more secret data objects.
 13. The apparatus of claim 11, wherein the one or more secret data objects encrypt secret information for storage external to a secure subsystem.
 14. The apparatus of claim 11, wherein at least one secret data object of the one or more secret data objects is encrypted by a secret encryption key and then stored external to a secure subsystem.
 15. The apparatus of claim 11, further comprising: a memory configured to store the one or more secret data objects; and a processor configured to execute security firmware and perform a set of operations including a plurality of secure operations used to manipulate the one or more secret data objects.
 16. The apparatus of claim 11, wherein the one or more secret data objects include at least one encryption key.
 17. A method comprising: receiving, by one or more secure hardware registers of a plurality of secure hardware registers located in a secure subsystem within a secure boundary of an integrated circuit, a request to execute a secure operation involving one or more secret data objects encrypted by the secure subsystem, wherein the encrypted one or more secret data objects are stored outside the secure subsystem and inaccessible by any systems or components external to the secure subsystem; accessing, via one or more security assist hardware circuits of a plurality of security assist hardware circuits, the one or more encrypted secret data objects with a key stored in the secure subsystem; and executing, via the one or more security assist hardware circuits, the secure operation on data using the one or more accessed secret data objects, wherein the one or more secret data objects are keys for secure operations.
 18. The method of claim 17, further comprising: executing, by a memory system processor, security firmware responsive to a notification from the one or more secure hardware registers, the notification provided by the one or more secure hardware registers based on the received request.
 19. The method of claim 17, further comprising: transmitting, to an unsecure hardware register, a value responsive to executing the secure operation.
 20. The method of claim 17, wherein the secure operation is executed based on dedicated security firmware stored on a memory within the secure boundary.